# 安装卸载 ## 使用源码 - 准备环境 ```shell yum -y install gcc yum install -y pcre pcre-devel yum install -y zlib zlib-devel ``` - 下载 [官方下载页面](http://nginx.org/en/download.html) ```shell wget http://nginx.org/download/nginx-1.16.1.tar.gz ``` 下载后需解压解压 - 编译与安装 ```shell ./configure --prefix=指定安装目录前缀 --with指定额外的模块 make make install DESTDIR=指定安装目录后缀 ``` 将安装目录的`bin`目录下可执行文件`nginx`拷贝到`/sbin`目录下,这样可以在任意目录下执行`nginx`命令 - 运行与停止 ```shell ningx nginx -s stop nginx -s reload ``` - 卸载 删除安装目录,删除`/sbin/nginx`文件 ## 使用docker - 安装**docker** - 下载镜像 ```shell docker pull nginx ``` - 创建挂载目录 ``` mkdir /home/ningx cd /home/ningx/ mkdir data log touch nginx/conf ``` - 创建并运行容器 ```shell docker run -d --name nginx --restart=always -p 80:80 -v /home/nginx/nginx.conf:/etc/nginx/nginx.conf -v /home/nginx/logs:/var/log/nginx -v /home/nginx/data:/home nginx ``` 容器配置文件位置:`/etc/nginx/nginx.conf` 容器日志目录:`/var/log/nginx` 容器数据目录:`/home` - 运行与重启 ```shell docker start nginx docker stop nginx docker restart nginx ``` - 卸载 删除容器与镜像 ```shell docker rm -f nginx docker rm nginx ``` 删除数据 ```shell rm -rf /home/nginx ``` # 配置 ## http反向代理配置 * 根据路径分发到不同端口参数配置示例 ```tex http { include mime.types; default_type application/octet-stream; server { listen 80; server_name localhost; location / { root proxy_pass http://127.0.0.1:8080; index index.html index.htm; } location /fence { root proxy_pass http://127.0.0.1:8081; index index.html index.htm; } location /RfsSniffer { root proxy_pass http://127.0.0.1:8433; index index.html index.htm; } } } ``` - 根据域名分发到不同端口参数配置示例 ```tex http { server { listen 80; server_name localhost; location / { proxy_pass http://127.0.0.1:8081; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } server { listen 80; server_name location.xumy.vip; location / { proxy_pass http://127.0.0.1:8081; index index.html index.htm; } } } ``` ## tcp转发 转发https请求,无需在nginx配置ssl证书,nginx版本号必须 >1.15.2,编译时必须配置以下模块 `--with-http_stub_status_module --with-http_ssl_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module` - 同一个端口监听http与https请求配置示例,$ssl_preread_protocol,可以让stream区分web ssl/tls和其他协议 ```tex stream { upstream http{ server 127.0.0.1:8081; } upstream https{ server 127.0.0.1:8433; } map $ssl_preread_protocol $upstream{ default http; "TLSv1.3" https; "TLSv1.2" https; "TLSv1.1" https; "TLSv1.0" https; "TLSv1" https; "TLSv2" https; "SSLv2" https; "SSLv3" https; } server { listen 0.0.0.0:28181; ssl_preread on; proxy_pass $upstream; } } ``` - http与stream混合使用 ```tex http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; server { listen 80; server_name localhost; location / { proxy_pass http://127.0.0.1:8081; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } server { listen 80; server_name location.xumy.vip; location / { proxy_pass http://127.0.0.1:8081; index index.html index.htm; } } server { listen 80; server_name monitor.xumy.vip; location / { proxy_pass http://127.0.0.1:8082; index index.html index.htm; } } server { listen 80; server_name whims.xumy.vip; location / { proxy_pass http://127.0.0.1:801; index index.html index.htm; } } server { listen 80; server_name license.xumy.vip; location / { proxy_pass http://127.0.0.1:88; index index.html index.htm; } } server { listen 80; server_name robust.xumy.vip; location / { proxy_pass http://127.0.0.1:89; index index.html index.htm; } } server { listen 80; server_name dzwl.xumy.vip; location / { proxy_pass http://127.0.0.1:805; index index.html index.htm; } } } stream{ log_format proxy '$remote_addr - [$time_local] $protocol $status "$upstream_addr" $remote_addr $remote_port '; access_log /home/work/logs/nginx/tcp-access.log proxy; open_log_file_cache off; map_hash_bucket_size 64; map $ssl_preread_protocol $upstream{ default http; "TLSv1.3" $https; "TLSv1.2" $https; "TLSv1.1" $https; "TLSv1.0" $https; "TLSv1" $https; "TLSv2" $https; "SSLv2" $https; "SSLv3" $https; } map $ssl_preread_server_name $https{ default dzwl; } upstream http { server 127.0.0.1:80; } upstream dzwl { server 127.0.0.1:806; } server{ listen 8080; ssl_preread on; proxy_pass $upstream; proxy_connect_timeout 15s; proxy_timeout 15s; proxy_next_upstream_timeout 15s; } }